#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

programming language | Breaking Cybersecurity News | The Hacker News

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

Dec 22, 2023 Social Engineering / Malware Analysis
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the  Nim programming language . "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara  said . Nim-based malware has been a rarity in the threat landscape, although that has been slowly changing in recent years as attackers continue to either develop custom tools from scratch using the language or port existing versions of their nefarious programs to it. This has been demonstrated in the case of loaders such as  NimzaLoader ,  Nimbda ,  IceXLoader , as well as ransomware families tracked under the names  Dark Power  and  Kanti . The attack chain documented by Netskope begins with a phishing email containing a Word document attachment that, when opened, urges the recipi
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

Dec 20, 2023 Cryptocurrency / Malware
A new Go-based information stealer malware called  JaskaGO  has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery,  said  the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July 2023, impersonating installers for legitimate software such as CapCut. Other variants of the malware have masqueraded as AnyConnect and security tools.  Upon installation, JaskaGO runs checks to determine if it is executing within a virtual machine (VM) environment, and if so, executes a harmless task like pinging Google or printing a random number in a likely effort to fly under the radar. In other scenarios, JaskaGO proceeds to harvest information from the victim system and establishes a connection to its C&C for receiving further instructions, including executing shell commands, enumerating
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

Dec 11, 2023 Threat Intelligence / Cyber Attack
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called  Sandman  and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have been determined to cohabit in the same victim networks. Microsoft and PwC are tracking the activity under the names Storm-0866 and Red Dev 40, respectively. "Sandman and Storm-0866/Red Dev 40 share infrastructure control and management practices, including hosting provider selections, and domain naming conventions," the companies  said  in a report shared with The Hacker News. "The implementation of LuaDream and KEYPLUG reveals indicators of shared development practices and overlaps in functionalities and design, suggesting shared functional requirements by their operators.&
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

Jan 24, 2022
The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG)  said  in an  advisory  published on January 20, 2021. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as  CVE-2022-21658  (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in  Rust version 1.58.1  shipped last week. Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka  symlinks ) in a standard library function named "std::fs::remove_dir_all." This results
Hackers Turning to 'Exotic' Programming Languages for Malware Development

Hackers Turning to 'Exotic' Programming Languages for Malware Development

Jul 27, 2021
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,"  said  Eric Milam, Vice President of threat research at BlackBerry. "That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products." On the one hand, languages like Rust are more secure as they offer guarantees like  memory-safe programming , but they can also be a double-edged sword when malware engineers abuse the same features designed to offer increased safeguards to their advantage, thereby making malware less susceptible to exploitation and thwart attempts to  activate a kill-switch  and render them powerless. Noting that binaries written i
A Rust-based Buer Malware Variant Has Been Spotted in the Wild

A Rust-based Buer Malware Variant Has Been Spotted in the Wild

May 03, 2021
Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is propagated via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 organizations across more than 50 verticals since early April. "The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular," Proofpoint researchers  said  in a report shared with The Hacker News. "Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities." First introduced in August of 2019,  Buer  is a modular malware-as-a-service offering that's sold on underground forums and used as a first-stage downloader to deliver additiona
Android to Support Rust Programming Language to Prevent Memory Flaws

Android to Support Rust Programming Language to Prevent Memory Flaws

Apr 07, 2021
Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system. "Managed languages like Java and Kotlin are the best option for Android app development," Google  said . "The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option." Stating that code written in C and C++ languages requires robust isolation when parsing untrustworthy input, Google said the technique of containing such code within a tightly constrained and unprivileged sandbox can be expensive, causing latency issues and additional
Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

Apr 16, 2020
As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead. ReversingLabs said the typosquatted packages in question were uploaded to RubyGems between February 16 and February 25, and that most of them have been designed to secretly steal funds by r
Learn How to Code: Get 10 Best Online Training Courses for Just $49

Learn How to Code: Get 10 Best Online Training Courses for Just $49

May 12, 2017
Struggling to learn how to code? If you're looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with codes and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the boom in technology. Today, you can elevate your programming skills straight from the Internet to become an actual coder, but getting into a heavy subject like coding involves a lot of time and money. 'Learn to Code' 2017 Bundle: Get 10 Courses in 1 Pack Fortunately for you, this week's THN Deal Store brings the Ultimate Learn to Code 2017 Bundle that gives you access to 10 online training courses in 1 single account at just $49, instead of $1,186. This 95% discount is valid for next few days. The Ultimate Learn to Code 2017 Bundle, comes with lifetime access, offers you professional training courses on Python, Ruby, Java, iOS, HTML, CSS, AngularJS and other programmin
Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

Feb 21, 2017
This newly discovered bugs in Java and Python is a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures. The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol (FTP) links, where they don't syntax-check the username parameter, which leads to, what researchers call, protocol injection flaw. Java/Python FTP Injection to Send Unauthorized SMTP Emails In a blog pos t published over the past week, security researcher Alexander Klink detailed the FTP protocol injection vulnerability in Java's XML eXternal Entity (XXE) that allows attackers to inject non-FTP malicious commands inside an FTP connection request. To demonst
Google may adopt Apple's Swift Programming Language for Android

Google may adopt Apple's Swift Programming Language for Android

Apr 08, 2016
Almost two years back, Apple introduced Swift programming language at its World Wide Developers Conference (WWDC) to the developers who build software applications for Apple devices. Swift was designed to make it easier for developers to create apps for Apple's mobile platform. Usually developers write complete app code and then compile it to see output, but Swift helps them see results in real time instantly while writing code. Now, reports have been emerged that the search engine giant is also considering making Swift programming language a "first class" language choice for programmers making apps for its Android platform. In between an ongoing legal battle with Oracle over Android, Google is planning to bring Swift into the Android platform with at least two major third-party developers — Facebook and Uber, reports The Next Web. Around the time when Apple officially made Swift an open source language, executives from Google, Facebook and Uber attended a m
These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet

These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet

Dec 04, 2015
A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application Development report ( PDF ), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015. The security researchers crawled popular web scripting languages including PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, iOS, and COBOL, scanning hundreds of thousands of applications over the last 18 months. Also Read:  A Step-by-Step Guide — How to Install Free SSL Certificate On Your Website Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest. Here's the Top 10 List:
Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code

Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code

Sep 04, 2015
After, Facebook open sourced Thrift Technology ( an internally used tool by Facebook ) in 2007, rival entity Twitter brings Diffy , an internal Twitter service to the world. Yesterday, Twitter introduced " Diffy ," an open source tool, acting as a helping hand for the software developers to catch bugs, test and compare results without writing much code. Diffy plays a vital part in Twitter's development. As a service - Twitter modifies portions of its complex code on a timely basis, and Diffy is packed with such advanced automated techniques that it helps Twitter in its smooth workflow and optimized performance. Diffy simultaneously relieves programmers from writing separate codes to test flaws in the modified code. As, Diffy's minimal setup requirements are adaptable to any kind of environment. Apache Thrift and HTTP-based communication are such elaborate environments where Diffy catches bugs automatically . But, What exactly Diffy is? D
Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C

Jun 04, 2014
The development of self own languages has become emblematic of the hot new trend in business as every big Internet service provider is now developing their own and unique programming languages. Two months ago, Facebook released its modern programming language called ' HACK ', which is specially designed to make the process of writing and testing code of complex websites and other software faster, and the company already drives almost all of the its social networking site to HACK over the last year. This Monday, Apple surprises the gathering of people who build software applications for Apple hardware devices at its World Wide Developers Conference (WWDC) by introducing its whole new programming language called Swift , which probably replace Apple's main programming language - Objective-C that is being loved by the developers who build software applications for Apple hardware devices, from iPhone, iPad to Macintosh. The first app built on Swift is the WWDC ap
HACK - A New Open Source Programming Language developed by Facebook

HACK - A New Open Source Programming Language developed by Facebook

Mar 23, 2014
Facebook just released a new programming language called ' HACK ', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking. When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming platform became difficult to manage and bug-free. Thus, Hack was born!  Facebook Team decides to develop a new programming language that could combine elements of static- type programming languages such as C or C++ with dynamic-type languages like PHP, now called " HACK Programming Language ". " Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files. " Facebook said, " We have also added many new features that we believe will help make developers more productiv
Cybersecurity Resources